US7277542B2 - Stream cipher encryption application accelerator and methods thereof - Google Patents

Stream cipher encryption application accelerator and methods thereof Download PDF

Info

Publication number
US7277542B2
US7277542B2 US09/916,557 US91655701A US7277542B2 US 7277542 B2 US7277542 B2 US 7277542B2 US 91655701 A US91655701 A US 91655701A US 7277542 B2 US7277542 B2 US 7277542B2
Authority
US
United States
Prior art keywords
accelerator
data
memory
state memory
recited
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US09/916,557
Other languages
English (en)
Other versions
US20020037079A1 (en
Inventor
Donald E. Duval
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Avago Technologies International Sales Pte Ltd
Original Assignee
Broadcom Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Broadcom Corp filed Critical Broadcom Corp
Priority to US09/916,557 priority Critical patent/US7277542B2/en
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DUVAL, DONALD E.
Priority to DE60117230T priority patent/DE60117230T2/de
Priority to EP01308059A priority patent/EP1191739B1/de
Publication of US20020037079A1 publication Critical patent/US20020037079A1/en
Priority to US11/905,468 priority patent/US7903813B2/en
Application granted granted Critical
Publication of US7277542B2 publication Critical patent/US7277542B2/en
Assigned to BANK OF AMERICA, N.A., AS COLLATERAL AGENT reassignment BANK OF AMERICA, N.A., AS COLLATERAL AGENT PATENT SECURITY AGREEMENT Assignors: BROADCOM CORPORATION
Assigned to AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. reassignment AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BROADCOM CORPORATION
Assigned to BROADCOM CORPORATION reassignment BROADCOM CORPORATION TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS Assignors: BANK OF AMERICA, N.A., AS COLLATERAL AGENT
Assigned to AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED reassignment AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED MERGER (SEE DOCUMENT FOR DETAILS). Assignors: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Assigned to AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED reassignment AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNOR EXECUTION DATE PREVIOUSLY RECORDED AT REEL: 047642 FRAME: 0001. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER. Assignors: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.
Adjusted expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/722Modular multiplication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/38Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
    • G06F7/48Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
    • G06F7/499Denomination or exception handling, e.g. rounding or overflow
    • G06F7/49936Normalisation mentioned as feature only
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present invention relates to a deployed cryptographic application in a distributed computing environment. More specifically, a stream cipher encryption algorithm accelerator and methods of use thereof is described.
  • RC4 is a trademark of RSA Security Inc of Redwood City, Calif.
  • RC4TM is a secure, variable key-size stream cipher with byte-oriented operations.
  • the RC4TM algorithm is based on the use of a random permutation having a period that is overwhelmingly likely to be greater than 10 100 . Typically, eight to sixteen machine operations are required per output byte.
  • RC4TM uses a variable length key from 1 to 256 bytes to initialize a 256-byte state table.
  • the state table is used for subsequent generation of pseudo-random bytes and then to generate a pseudo-random stream which is XORed with the plaintext to give the ciphertext.
  • Each element in the state table is swapped at least once.
  • RC4TM was proprietary and details of the algorithm were only available after signing a nondisclosure agreement.
  • someone anonymously posted source code (referred to as “Alleged RC4”, or more commonly referred to as ARCFOUR) to a user group mailing list.
  • ARCFOUR quickly spread to various Usenet newsgroups and, ultimately, via the Internet to ftp sites around the world. Readers with legal copies of RC4 confirmed compatibility between ARCFOUR and RC4TM owned by RSA Data Security, Inc. which tried unsuccessfully to claim that ARCFOUR was a trade secret even though it was public. Consequently, ARCFOUR has become the defacto standard for online encryption and has become one of the most popular encryption algorithms in the browser market.
  • the conventional system 100 includes a CPU 102 coupled to a first memory array 104 used to store a secret key(s) and a second memory array 106 used to store an incrementing pattern by way of an interface 108 .
  • the CPU 102 is also connected to a state array unit 110 and a data storage device 112 , such as a register, memory device, and so on, used to store a message 114 to be, in this example, encrypted using the ARCFOUR algorithm.
  • a process 200 as shown by the flowchart illustrated in FIG. 2 is used.
  • the CPU 102 performs a mixing operation by, at 202 , storing an incrementing pattern in the second memory array 106 and a secret key (or keys) in the first memory array 104 .
  • the CPU 102 performs a shifting operation based upon the key values stored in the first memory array 104 and at 206 updates the state array 110 thereby completing the mixing operation.
  • the CPU 102 performs a ciphering operation at 208 on each byte of the message 112 until such time as the encrypted message is ready to be transmitted to a receiver. It should be noted that a received encrypted message is decrypted in a substantially similar manner.
  • an efficient encryption accelerator and methods of use thereof that off loads most, if not all, of the encryption/decryption operations from a system CPU.
  • the efficient encryption accelerator is most appropriate for use in a secure e-commerce transaction carried out over an unsecure network of distributed computing devices, such as the Internet.
  • An efficient encryption system and encryption accelerator are disclosed.
  • the encryption system and encryption accelerator is most appropriate for use in executing a secure e-commerce transaction carried out over an unsecure network of distributed computing devices, such as the Internet.
  • a system for encrypting and decrypting data formed of a number of bytes using an encryption algorithm includes a system bus and an encryption accelerator arranged to execute the encryption algorithm coupled to the system bus.
  • an encryption accelerator produces an initial incrementing state memory pattern totally in hardware whereas the shuffling operation is performed by transferring the secret key data in bytes into the accelerator via an external interface. It should be noted that the shuffling operation is performed on the fly as the key data transfer takes place. After the state memory shuffling operation has been completed, the data that is to be encrypted (or decrypted) is transferred to the accelerator through the external interface. For each byte of date the accelerator produces a byte from the state memory which is exclusive-OR'd with the byte of data. The state memory is then shuffled further through a data dependent swapping operation.
  • the accelerator uses the ARCFOUR encryption algorithm and is capable of operating in a number of modes.
  • One such mode is arranged to accommodate an interruption of the processing of a first data stream to process a second, orthogonal data stream. After completion of the processing of the second data stream, the first data stream processing is restarted where it originally left off.
  • FIG. 1 illustrates a conventional CPU based encryption/decryption system.
  • FIG. 2 shows a flowchart detailing a process for encrypting a message using an ARCFOUR encryption process.
  • FIG. 3 shows a system having an encryption accelerator coupled to a central processing unit in accordance with an embodiment of the invention.
  • FIG. 4 shows a particular implementation of the encryption accelerator shown in FIG. 3 .
  • FIG. 5 shows a particular implementation of the encryption accelerator in accordance with an embodiment of the invention that includes a state machine coupled to the state memory and an input interface.
  • FIG. 6 shows a flowchart detailing a process for implementing the ARCFOUR algorithm by the accelerator in accordance with an embodiment of the invention.
  • FIG. 7 shows a flowchart detailing a process for implementing the ciphering operation of the process shown in FIG. 6 .
  • FIG. 8 illustrates a typical, general-purpose computer system suitable for implementing the present invention.
  • the inventive encryption accelerator implements the ARCFOUR algorithm by requiring that a 256 byte state memory be initialized with an incrementing pattern (i.e., location 0 contains the value 0, location 1 contains the value 1, and so on).
  • a key consisting of one to 256 bytes where each byte is 8 bits, is then used to move the state memory values to new locations in a shuffling operation.
  • the values in the state memory at the end of this operation consist of the numbers 0 through 255, but the locations of those values are only known if the key is known.
  • this inventive accelerator produces the initial incrementing state memory pattern totally in hardware whereas the shuffling operation is performed by transferring the key data, modulo key length in bytes into the accelerator via an external interface. It should be noted that the shuffling operation is performed on the fly as the key data transfer takes place.
  • the data that is to be encrypted (or decrypted) is transferred to the accelerator through the external interface.
  • the accelerator produces a byte from the state memory that is exclusive-OR'd with the byte of data to produce the encrypted byte of data.
  • the state memory is then shuffled further through a data dependent swapping operation.
  • the inventive encryption accelerator is capable of accommodating multiple streams of data by, for example, operating in multiple modes. These operation modes include an Initial Mode and a Continuation Mode.
  • Initial Mode When the accelerator is operating in the Initial Mode, the operations described above are performed sequentially, whereas in the Continuation mode, the state memory is loaded with the contents of the state memory that were saved when an earlier stream of data was interrupted. In either mode, when a Last Transfer flag is not set, the contents of the state memory are saved externally to the accelerator.
  • the invention will now be described in terms of an encryption/decryption accelerator system that can be implemented in a number of ways, such as for example, as a stand alone integrated circuit, as embedded software, or as a subsystem included in, for example, a server computer used in a variety of Internet and Internet related activities. It should be noted, however, that the invention is not limited to the described embodiments and can be used in any system where high speed encryption is desired.
  • FIG. 3 shows a system 300 having an encryption accelerator 302 coupled to a central processing unit 304 in accordance with an embodiment of the invention.
  • the encryption accelerator 302 is coupled to the CPU 304 by way of an I/O bus 306 that is, in turn, coupled to a system bus 308 .
  • a system memory 312 Also coupled to the system bus 308 by way of a memory bus 310 is a system memory 312 arranged, in this implementation, to store a secret key (or keys) corresponding to a particular message (or messages) to be encrypted (or decrypted).
  • a buffer or other such storage device can be used to intermittently store the message to be encrypted at a point that is in temporal proximity to the accelerator 302 thereby improving system 300 performance.
  • a storage device can include a FIFO type buffer or buffers used to store, for example, the message to be encrypted or the encrypted message prior to being transmitted to an I/O port 314 coupled to external circuitry.
  • the inventive encryption accelerator 302 implements the ARCFOUR algorithm by requiring that a state memory 316 be initialized with an incrementing pattern (i.e., location 0 contains the value 0, location 1 contains the value 1, and so on) .
  • the state memory 316 is 256 bytes in size.
  • a secret key array 318 that is stored in the system memory 312 is used to move state memory values to new locations in the state memory 316 .
  • the secret key array 318 consists of 256 bytes, where each byte is 8 bits. The secret key array 318 is produced by repeating the secret key until 256 bytes are filled.
  • the values in the state memory 316 at the end of the shuffling operation consist of the numbers 0 through 255, but the locations of those values in the state memory 316 are only known if the secret key array 318 is known.
  • this inventive accelerator 302 produces the initial incrementing state memory pattern totally in hardware whereas the shuffling operation is performed by transferring the secret key array 318 and an associated message data length (in bytes) into the accelerator 302 via the system bus 308 and any intervening external interfaces thereby preserving valuable CPU resources. It should be noted that the shuffling operation in the state memory 316 is performed “on the fly” as transfer of the secret key array 318 takes place.
  • the data that is to be encrypted is transferred to the accelerator 302 through the system bus 308 .
  • the accelerator 302 produces a byte from the state memory 316 which is exclusive-OR'd with the corresponding byte of data to be encrypted.
  • the state memory 316 is then shuffled further through a data dependent swapping operation.
  • the encryption accelerator 302 is capable of operating in multiple modes that include an Initial Mode and a Continuation Mode.
  • Initial Mode When the accelerator is operation in the Initial Mode, the operations described above are performed sequentially.
  • the state memory 316 when in the Continuation mode, the state memory 316 is reloaded with the contents of the state memory 316 that were saved to external memory (such as the system memory 312 , if so desired) when a Last Transfer flag is not set when an earlier stream of data was interrupted.
  • FIG. 5 shows a particular implementation of the encryption accelerator 302 in accordance with an embodiment of the invention that includes a state machine 502 coupled to the state memory 316 and an input interface 504 .
  • the accelerator 302 also includes an index I counter 506 and an index J counter 508 each coupled to the state machine 502 and a combinational logic block 509 .
  • a combinational logic block 510 is coupled to the state memory 316 and the state machine 502 as well as an output interface 512 .
  • the combinational logic block 510 is configured to operate as an exclusive OR logic block.
  • an input FIFO 514 and an output FIFO 516 each coupled to the state machine 502 and the system bus 308 are provided to latch the data to be encrypted (on the input side) and the encrypted data (on the output side).
  • the state machine 502 directs the shuffling operation in the state memory 316 by causing the secret key array 318 to be retrieved from the system memory 312 and directing the counters 506 and 508 to increment the indices (i,j) accordingly. In this way, the shuffling operations are completely performed by the accelerator 302 thereby preserving valuable CPU resources.
  • the state machine 502 determines that when data to be encrypted is stored in the input FIFO 514 , that on a byte wise basis, the data to be encrypted is passed by way of the input interface to the combination logic block where, in this example, it is exclusive OR'd with the contents of the state memory 316 .
  • the result of this exclusive OR'ing operation represents an encrypted byte which is then passed to the output FIFO 516 .
  • the state machine 502 determines if there are additional bytes to be encrypted and if so determined, directs the accelerator 302 to act accordingly.
  • the state machine 502 when in continuation mode, if a second data stream is to be processed, the state machine 502 directs that the contents of the state memory 316 be stored externally (if the last transfer flag is not set) until such time as the second data stream has been completely processed by the accelerator 302 . At this point, the state machine 502 directs that the stored values of the state memory 316 corresponding to the last state of the processing of the first data stream be restored to the state memory 316 and then restarts processing of the interrupted first data stream.
  • FIG. 6 shows a flowchart detailing a process 600 for implementing the ARCFOUR algorithm by the accelerator 302 in accordance with an embodiment of the invention.
  • the process 600 begins at 602 where the state machine is initialized. Next, at 603 , an incrementing pattern is stored in the state memory. Next at 604 , the index variables i and j are initialized.
  • the state machine directs a shuffling operation, according to the ARCFOUR (or RC4) stream cipher, that includes, at 608 , adding the contents of the i th element of the state memory to the variable j and the nth element of the secret key array. The variable j is then set to the sum calculated in step 608 modulo 256 .
  • the i th and j th elements of the state memory are swapped.
  • the i th index variable is incremented, and at 614 a determination is made whether or not the incremented index variable i is greater than the maximum allowable value. If the incremented index variable i is not greater than the max value, then the shuffling operation 606 continues, otherwise, the index variables i and j are initialized at 616 thereby completing the key setup portion of the ARCFOUR algorithm.
  • a ciphering portion of ARCFOUR algorithm is performed at 618 on a data stream to be encypted to form an encrypted data stream at 620 .
  • FIG. 7 shows a flowchart detailing a process 700 for implementing the ciphering operation 618 , according to the ARCFOUR (or RC4) stream cipher, of the process 600 shown in FIG. 6 .
  • the process 700 begins at 702 by receiving a byte of the data to be encrypted and at 704 by incrementing the index variable i by one.
  • the variable i is then set to the incremented value determined in step 704 modulo 256 .
  • the variable j is then set to the sum of j and the i th element of the state memory modulo 256 .
  • the contents of the i th element of the state memory is added to the j th element of the state memory while at 708 the i th and j th elements of the state memory are swapped.
  • the i th and the j th elements of the state memory are added together to form a new value n.
  • the variable n is then set to the value n determined in step 709 modulo 256 .
  • an encrypted output byte is formed by combining the nth element of the state memory with the data byte to be encrypted using a bit by bit exclusive OR operation.
  • a determination is made whether or not there are additional bytes to be encrypted. If there are additional bytes, then control is passed back to 702 , otherwise processing is stopped.
  • FIG. 8 illustrates a typical, general-purpose computer system 800 suitable for implementing the present invention.
  • the computer system 800 includes at least one processor (CPU) 802 that is coupled to memory devices including primary storage devices 806 (typically a read only memory, or ROM) and primary storage devices 804 (typically a random access memory, or RAM).
  • primary storage devices 806 typically a read only memory, or ROM
  • primary storage devices 804 typically a random access memory, or RAM
  • Computer system 800 or, more specifically, CPUs 802 , may be arranged to support a virtual machine, as will be appreciated by those skilled in the art.
  • ROM acts to transfer data and instructions uni-directionally to the CPUs 802
  • RAM is used typically to transfer data and instructions in a bi-directional manner.
  • CPUs 802 may generally include any number of processors.
  • Both primary storage devices 804 , 806 may include any suitable computer-readable media.
  • a secondary storage medium 808 which is typically a mass memory device, is also coupled bi-directionally to CPUs 802 and provides additional data storage capacity.
  • the mass memory device 808 is a computer-readable medium that may be used to store programs including computer code, data, and the like.
  • mass memory device 808 is a storage medium such as a hard disk or a tape which generally slower than primary storage devices 804 , 806 .
  • Mass memory storage device 808 may take the form of a magnetic or paper tape reader or some other well-known device. It will be appreciated that the information retained within the mass memory device 808 , may, in appropriate cases, be incorporated in standard fashion as part of RAM 806 as virtual memory.
  • a specific primary storage device 804 such as a CD-ROM may also pass data uni-directionally to the CPUs 802 .
  • CPUs 802 are also coupled to one or more input/output devices 810 that may include, but are not limited to, devices such as video monitors, track balls, mice, keyboards, microphones, touch-sensitive displays, transducer card readers, magnetic or paper tape readers, tablets, styluses, voice or handwriting recognizers, or other well-known input devices such as, of course, other computers.
  • CPUs 802 optionally may be coupled to a computer or telecommunications network, e.g., an internet network or an intranet network, using a network connection as shown generally at 812 . With such a network connection, it is contemplated that the CPUs 802 might receive information from the network, or might output information to the network in the course of performing the above-described method steps.
  • Such information which is often represented as a sequence of instructions to be executed using CPUs 802 , may be received from and outputted to the network, for example, in the form of a computer data signal embodied in a carrier wave.
  • the above-described devices and materials will be familiar to those of skill in the computer hardware and software arts.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)
US09/916,557 2000-09-25 2001-07-26 Stream cipher encryption application accelerator and methods thereof Expired - Fee Related US7277542B2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US09/916,557 US7277542B2 (en) 2000-09-25 2001-07-26 Stream cipher encryption application accelerator and methods thereof
DE60117230T DE60117230T2 (de) 2000-09-25 2001-09-21 Stromverschlüsselungsanwendungsbeschleuniger und zugehöriges Verfahren
EP01308059A EP1191739B1 (de) 2000-09-25 2001-09-21 Stromverschlüsselungsanwendungsbeschleuniger und zugehöriges Verfahren
US11/905,468 US7903813B2 (en) 2000-09-25 2007-10-01 Stream cipher encryption application accelerator and methods thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US23519000P 2000-09-25 2000-09-25
US09/916,557 US7277542B2 (en) 2000-09-25 2001-07-26 Stream cipher encryption application accelerator and methods thereof

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/905,468 Continuation US7903813B2 (en) 2000-09-25 2007-10-01 Stream cipher encryption application accelerator and methods thereof

Publications (2)

Publication Number Publication Date
US20020037079A1 US20020037079A1 (en) 2002-03-28
US7277542B2 true US7277542B2 (en) 2007-10-02

Family

ID=26928658

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/916,557 Expired - Fee Related US7277542B2 (en) 2000-09-25 2001-07-26 Stream cipher encryption application accelerator and methods thereof
US11/905,468 Expired - Fee Related US7903813B2 (en) 2000-09-25 2007-10-01 Stream cipher encryption application accelerator and methods thereof

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/905,468 Expired - Fee Related US7903813B2 (en) 2000-09-25 2007-10-01 Stream cipher encryption application accelerator and methods thereof

Country Status (3)

Country Link
US (2) US7277542B2 (de)
EP (1) EP1191739B1 (de)
DE (1) DE60117230T2 (de)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030007637A1 (en) * 2001-07-05 2003-01-09 Banks David Murray Document encryption
US20030044007A1 (en) * 2001-08-24 2003-03-06 Broadcom Corporation Methods and apparatus for accelerating ARC4 processing
US20080107260A1 (en) * 2000-09-25 2008-05-08 Broadcom Corporation Stream cipher encryption application accelerator and methods thereof
US8533456B2 (en) 2010-10-07 2013-09-10 King Saud University Accelerating stream cipher operations using single and grid systems
US8839000B2 (en) 2009-03-23 2014-09-16 Hewlett-Packard Development Company, L.P. System and method for securely storing data in an electronic device
US9977749B2 (en) 2014-09-01 2018-05-22 Samsung Electronics Co., Ltd. Application processor and data processing system including the same

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6990199B2 (en) 2001-06-12 2006-01-24 Corrent Corporation Apparatus and method for cipher processing system using multiple port memory and parallel read/write operations
KR100445406B1 (ko) * 2001-11-30 2004-08-25 주식회사 하이닉스반도체 데이터 암호화 장치 및 그 방법
US7006628B2 (en) * 2002-01-04 2006-02-28 Avaya Technology Corp. Efficient packet encryption method
JP3689384B2 (ja) * 2002-04-19 2005-08-31 アンリツ株式会社 移動体端末試験装置
US7151830B2 (en) * 2002-12-24 2006-12-19 International Business Machines Corporation Method, system, program product and state machine representation for encrypting and decrypting a message
EP1457859B1 (de) * 2003-03-14 2012-10-17 Broadcom Corporation Apparat zum Verschlüsseln/Entschlüsseln von Daten
US8234504B2 (en) 2003-04-15 2012-07-31 Broadcom Corporation Method and system for data encryption and decryption
US7260216B2 (en) * 2003-08-20 2007-08-21 International Business Machines Corporation State machine representation for encrypting and decrypting a set of data values and method for protecting the same
CN100499451C (zh) * 2003-08-26 2009-06-10 中兴通讯股份有限公司 网络通信安全处理器及其数据处理方法
US8739274B2 (en) 2004-06-30 2014-05-27 Citrix Systems, Inc. Method and device for performing integrated caching in a data communication network
US8495305B2 (en) 2004-06-30 2013-07-23 Citrix Systems, Inc. Method and device for performing caching of dynamically generated objects in a data communication network
US8954595B2 (en) 2004-12-30 2015-02-10 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP buffering
US7810089B2 (en) * 2004-12-30 2010-10-05 Citrix Systems, Inc. Systems and methods for automatic installation and execution of a client-side acceleration program
US8549149B2 (en) * 2004-12-30 2013-10-01 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing
US20060253605A1 (en) * 2004-12-30 2006-11-09 Prabakar Sundarrajan Systems and methods for providing integrated client-side acceleration techniques to access remote applications
US8255456B2 (en) 2005-12-30 2012-08-28 Citrix Systems, Inc. System and method for performing flash caching of dynamically generated objects in a data communication network
US20070279969A1 (en) * 2006-06-02 2007-12-06 Raytheon Company Intrusion detection apparatus and method
US8594321B2 (en) * 2007-10-26 2013-11-26 International Business Machines Corporation Apparatus and method for operating a symmetric cipher engine in cipher-block chaining mode
US8437472B2 (en) * 2009-02-27 2013-05-07 Red Hat, Inc. Strengthened key schedule for arcfour
CA2767368C (en) 2009-08-14 2013-10-08 Azuki Systems, Inc. Method and system for unified mobile content protection
CN103427987B (zh) * 2012-05-25 2016-05-18 纬创资通股份有限公司 数据加密的方法、数据验证方法及电子装置
CN112351037B (zh) * 2020-11-06 2022-12-30 支付宝(杭州)信息技术有限公司 用于安全通信的信息处理方法及装置

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0093525A1 (de) 1982-04-30 1983-11-09 British Telecommunications Funkübertragung von verschlüsselten Signalen
US5297206A (en) 1992-03-19 1994-03-22 Orton Glenn A Cryptographic method for communication and electronic signatures
US5623548A (en) * 1994-01-10 1997-04-22 Fujitsu Limited Transformation pattern generating device and encryption function device
US5790817A (en) * 1996-09-25 1998-08-04 Advanced Micro Devices, Inc. Configurable digital wireless and wired communications system architecture for implementing baseband functionality
US5796836A (en) 1995-04-17 1998-08-18 Secure Computing Corporation Scalable key agile cryptography
EP0876026A2 (de) 1997-04-30 1998-11-04 Motorola, Inc. Verfahren und Verarbeitungsvorrichtung zur programmierbaren Verschlüsselung
EP0895164A2 (de) 1997-08-01 1999-02-03 Motorola, Inc. Verfahren und Einrichtung zur konfigurierbaren kryptographischen Verarbeitung
US5870474A (en) 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
US5936967A (en) 1994-10-17 1999-08-10 Lucent Technologies, Inc. Multi-channel broadband adaptation processing
US5943338A (en) 1996-08-19 1999-08-24 3Com Corporation Redundant ATM interconnect mechanism
US6111858A (en) 1997-02-18 2000-08-29 Virata Limited Proxy-controlled ATM subnetwork
US6189095B1 (en) * 1998-06-05 2001-02-13 International Business Machines Corporation Symmetric block cipher using multiple stages with modified type-1 and type-3 feistel networks
US6209077B1 (en) * 1998-12-21 2001-03-27 Sandia Corporation General purpose programmable accelerator board
US6216167B1 (en) 1997-10-31 2001-04-10 Nortel Networks Limited Efficient path based forwarding and multicast forwarding
US6243470B1 (en) * 1998-02-04 2001-06-05 International Business Machines Corporation Method and apparatus for advanced symmetric key block cipher with variable length key and block
WO2001080483A2 (en) 2000-04-13 2001-10-25 Broadcom Corporation Authentication engine architecture and method
US6477646B1 (en) * 1999-07-08 2002-11-05 Broadcom Corporation Security chip architecture and implementations for cryptography acceleration

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6549622B1 (en) * 1998-11-23 2003-04-15 Compaq Computer Corporation System and method for a fast hardware implementation of RC4
US7277542B2 (en) * 2000-09-25 2007-10-02 Broadcom Corporation Stream cipher encryption application accelerator and methods thereof
US6990199B2 (en) * 2001-06-12 2006-01-24 Corrent Corporation Apparatus and method for cipher processing system using multiple port memory and parallel read/write operations
US7403615B2 (en) * 2001-08-24 2008-07-22 Broadcom Corporation Methods and apparatus for accelerating ARC4 processing
US7043017B2 (en) * 2001-09-13 2006-05-09 Freescale Semiconductor, Inc. Key stream cipher device

Patent Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0093525A1 (de) 1982-04-30 1983-11-09 British Telecommunications Funkübertragung von verschlüsselten Signalen
US5297206A (en) 1992-03-19 1994-03-22 Orton Glenn A Cryptographic method for communication and electronic signatures
US5623548A (en) * 1994-01-10 1997-04-22 Fujitsu Limited Transformation pattern generating device and encryption function device
US5936967A (en) 1994-10-17 1999-08-10 Lucent Technologies, Inc. Multi-channel broadband adaptation processing
US5796836A (en) 1995-04-17 1998-08-18 Secure Computing Corporation Scalable key agile cryptography
US5870474A (en) 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
US5943338A (en) 1996-08-19 1999-08-24 3Com Corporation Redundant ATM interconnect mechanism
US5790817A (en) * 1996-09-25 1998-08-04 Advanced Micro Devices, Inc. Configurable digital wireless and wired communications system architecture for implementing baseband functionality
US6111858A (en) 1997-02-18 2000-08-29 Virata Limited Proxy-controlled ATM subnetwork
EP0876026A2 (de) 1997-04-30 1998-11-04 Motorola, Inc. Verfahren und Verarbeitungsvorrichtung zur programmierbaren Verschlüsselung
EP0895164A2 (de) 1997-08-01 1999-02-03 Motorola, Inc. Verfahren und Einrichtung zur konfigurierbaren kryptographischen Verarbeitung
US6216167B1 (en) 1997-10-31 2001-04-10 Nortel Networks Limited Efficient path based forwarding and multicast forwarding
US6243470B1 (en) * 1998-02-04 2001-06-05 International Business Machines Corporation Method and apparatus for advanced symmetric key block cipher with variable length key and block
US6189095B1 (en) * 1998-06-05 2001-02-13 International Business Machines Corporation Symmetric block cipher using multiple stages with modified type-1 and type-3 feistel networks
US6209077B1 (en) * 1998-12-21 2001-03-27 Sandia Corporation General purpose programmable accelerator board
US6477646B1 (en) * 1999-07-08 2002-11-05 Broadcom Corporation Security chip architecture and implementations for cryptography acceleration
WO2001080483A2 (en) 2000-04-13 2001-10-25 Broadcom Corporation Authentication engine architecture and method

Non-Patent Citations (35)

* Cited by examiner, † Cited by third party
Title
"Applied Cryptography, Second Edition", Schneider, B., 1996, John Wiley & Sons, New York, XP002184521, cited in the application, p. 442, paragraph 18.7-p. 445.
"Compression for Broadband Data Communications", BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-9.
"Data Sheet 7751 Encryption Processor", Network Security Processors, Jun. 1999, pp. 1-84.
"Secure Products VMS115", VLSI Technology, Inc., Printed in USA, Document Control: VMS115, VI, 0, Jan. 1999, pp. 1-2.
"Securing and Accelerating e-Commerce Transactions", BlueSteel Networks, Inc., Revision 2.0, Oct. 20, 1999, pp. 1-7.
"Securing Broadband Communications" BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-10.
"SHA: The Secure Hash Algorithm Putting Message Digests to Work", Stallings, W., Dr. Dobbs Journal, Redwood City, CA, Apr. 1, 1994, p. 32-34, XP000570561.
"VMS115 Data Sheet", VLSI Technology, Inc., a subsidiary of Philips Semiconductors, Revision 2:3, Aug. 10, 1999, pp. 1-64.
3Com: "3Com Launces New Era of Network Connectivity", 3Com Press Release, Jun. 14, 1999, pp. 1-3.
Analog Devices: "ADSP2141 SafeNetDPS User's Manual, Revision 6", Analog Devices Technical Specifications, Mar. 2000, XP002163401, 87 Pages.
Analog Devices: "Analog Devices and IRE Announce First DSP-Based Internet Security System-On-A-Chip", Analog Devices Press Release, Online, Jan. 19, 1999, pp. 1-3. http://content.analog.com/pressrelease/prdisplay/0,1622,16,00.html.
C. Madson, R. Glenn: "RFC 2403- The Use of HMAC-MD5-96 within ESP and AH", IETF Request for Comments, Nov. 1998, XP002163402, Retrieved from Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2403.html, 87 Pages.
Deutsch, P., "DEFLATE Compressed Data Format Specification Version 1.3", Aladdin Enterprises, Network Working Group, May 1996, pp. 1-17.
Egevang, K., et al., "The IP Network Address Translator (NAT)", Network Working Group, May 1994, pp. 1-10.
Floyd, Sally, et al., "Random Early Detection Gateways for Congestion Avoidance", Lawrence Berkeley Laboratory, University of California, IEEE/ACM Transactions on Networking, Aug. 1993, pp. 1-32.
Harkins, D., et al., "The Internet Key Exchange (IKE)", Cisco Systems, Network Working Group, Nov. 1998, pp. 1-12.
Kent, S., "IP Authentication Header", Network Working Group, Nov. 1998, pp. 1-22.
Kent, S., et al., "IP Encapsulating Security Payload (ESP)", Network Working Group, Nov. 1998, pp. 1-22.
Kent, S., et al., "Security Architecture for the Internet Protocol", Network Working Group, Nov. 1998, pp. 1-66.
Keromytis, et al., "Implementing IPsec", Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 1948-1952.
Maughan, D, et al., "Internet Security Association and Key Management Protocol (ISAKMP)", Network Working Group, Nov. 1998, pp. 1-20.
Pall, G. S., et al., "Microsoft Point-To-Point Encryption (MPPE) Protocol", Microsoft Corporation, Network Working Group, Internet Draft, Oct. 1999, pp. 1-12.
Pierson, et al., "Context-Agile Encryption for High Speed Communication Networks", Computer Communications Review, Association for Computing Machinery, vol. 29, No. 1, Jan. 1999, pp. 35-49.
R. Sedgewick, "Algorithms in C-Third Edition", 1998, Addison Wesley XP002163543, pp. 573-608.
S. Kent, R. Atkinson: "RFC 2406-IP Encapsulating Security Payload (ESP)" IETF Request for Comments, Nov. 1998, XP002163400, Retrieved from the Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2406.html, 5 Pages.
Schneier, B.; Applied Cryptography, Other Stream Ciphers and Real Random-Sequence Generators; Applied Cryptography, Protocols, Algorithms, and Source Code In C, New York, New York; John Wiley & Sons, 1996; p. 397-398, XP002223345.
Search Report dated Apr. 29, 2003 from corresponding European Patent Application No. 01308059.3 filed Sep. 21, 2001.
Senie, D., "NAT Friendly Application Design Guidelines", Amaranth Networks, Inc., NAT Working Group, Internet-Draft, Sep. 1999, pp. 1-7.
Shenker, S., "Specification of Guaranteed Quality of Service", Network Working Group, Sep. 1997, pp. 1-20.
Sholander, et al., "The Effect of Algorithm-Agile Encryption on ATM Quality of Service", Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 470-474.
Smirni, et al., "Evaluation of Multiprocessor Allocation Policies", Technical Report, Vanderbilt University, Online, 1993, pp. 1-21.
Srisuresh, P., "Security Model with Tunnel-mode Ipsec for NAT Domains", Lucent Technologies, Network Working Group, Oct. 1999, pp. 1-11.
Srisuresh, P., et al., "IP Network Address Translator (NAT) Terminology and Considerations", Lucent Technologies, Network Working Group, Aug. 1999, pp. 1-30.
Tarman, et al., "Algorithm-Agile Encryption in ATM Networks", IEEE Computer, Sep. 1998, vol. 31, No. 1, pp. 57-64.
Wassal, et al., "A VLSI Architecture for ATM Algorithm-Agile Encryption", Proceedings Ninth Great Lakes Symposium on VLSI, Mar. 4-6, 1999, pp. 325-328.

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080107260A1 (en) * 2000-09-25 2008-05-08 Broadcom Corporation Stream cipher encryption application accelerator and methods thereof
US7903813B2 (en) 2000-09-25 2011-03-08 Broadcom Corporation Stream cipher encryption application accelerator and methods thereof
US20030007637A1 (en) * 2001-07-05 2003-01-09 Banks David Murray Document encryption
US7436956B2 (en) * 2001-07-05 2008-10-14 Hewlett-Packard Development Company, L.P. Document encryption
US20030044007A1 (en) * 2001-08-24 2003-03-06 Broadcom Corporation Methods and apparatus for accelerating ARC4 processing
US7403615B2 (en) * 2001-08-24 2008-07-22 Broadcom Corporation Methods and apparatus for accelerating ARC4 processing
US8839000B2 (en) 2009-03-23 2014-09-16 Hewlett-Packard Development Company, L.P. System and method for securely storing data in an electronic device
US8533456B2 (en) 2010-10-07 2013-09-10 King Saud University Accelerating stream cipher operations using single and grid systems
US9977749B2 (en) 2014-09-01 2018-05-22 Samsung Electronics Co., Ltd. Application processor and data processing system including the same

Also Published As

Publication number Publication date
US20080107260A1 (en) 2008-05-08
DE60117230D1 (de) 2006-04-20
US7903813B2 (en) 2011-03-08
EP1191739A2 (de) 2002-03-27
EP1191739A3 (de) 2003-06-11
US20020037079A1 (en) 2002-03-28
DE60117230T2 (de) 2006-11-23
EP1191739B1 (de) 2006-02-15

Similar Documents

Publication Publication Date Title
US7903813B2 (en) Stream cipher encryption application accelerator and methods thereof
US8737606B2 (en) Method and system for high throughput blockwise independent encryption/decryption
US6185679B1 (en) Method and apparatus for a symmetric block cipher using multiple stages with type-1 and type-3 feistel networks
US6189095B1 (en) Symmetric block cipher using multiple stages with modified type-1 and type-3 feistel networks
EP2356771B1 (de) Blockchiffrierung mit niedriger latenz
US5778069A (en) Non-biased pseudo random number generator
EP1440535B1 (de) Verfahren und System zur Speicherverschlüsselung
US6185304B1 (en) Method and apparatus for a symmetric block cipher using multiple stages
JP5306465B2 (ja) セキュアなメモリに応用するメッセージ認証コードの事前計算
US8781117B2 (en) Generating pseudo random bits from polynomials
US8301905B2 (en) System and method for encrypting data
JP2001007800A (ja) 暗号化装置および方法
JPH06266670A (ja) 暗号化仮想端末初期化装置
EP2290871A2 (de) Verschlüsselungsverfahren und Vorrichtung mit Codezusammensetzung
US7841014B2 (en) Confidential information processing method, confidential information processor, and content data playback system
KR100834364B1 (ko) 3단계 암호화를 사용하여 메시지를 암호화 및 검증하는시스템 및 방법
US11296869B2 (en) Apparatus and method for unbreakable data encryption
US20040228485A1 (en) Method and apparatus for the generation of public key based on a user-defined ID in a cryptosystem
US20060269055A1 (en) Method and apparatus for improving performance and security of DES-CBC encryption algorithm
EP1655883B1 (de) Informationsverarbeitungsgerät, Informationsverarbeitungsverfahren, und Speichermedium
JP2005309148A (ja) データ変換装置およびデータ変換方法
US20040071287A1 (en) Encryption circuit arrangement and method therefor
JPH07134548A (ja) データ暗号化システム
Daswani et al. Symmetric Key Cryptography
JPH03155591A (ja) 逐次暗号装置

Legal Events

Date Code Title Description
AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DUVAL, DONALD E.;REEL/FRAME:012034/0025

Effective date: 20010723

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH

Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001

Effective date: 20160201

AS Assignment

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001

Effective date: 20170120

AS Assignment

Owner name: BROADCOM CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001

Effective date: 20170119

AS Assignment

Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE

Free format text: MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:047642/0001

Effective date: 20180509

AS Assignment

Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNOR EXECUTION DATE PREVIOUSLY RECORDED AT REEL: 047642 FRAME: 0001. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:048675/0509

Effective date: 20180905

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20191002